Job Responsibilities
Our mission is to support teachers, empower parents, and serve students so all graduates are prepared for success.
Job Purpose
The South Carolina Department of Education (SCDE) is seeking a highly experienced and strategically minded Chief Information Security Officer (CISO) to lead the agency’s enterprise information security program. Reporting to executive leadership and coordinating with the SC Division of Information Security (DIS), the CISO establishes and maintains the vision, strategy, and program to ensure information assets and technologies are adequately protected. This senior-level role is critical for ensuring the security, integrity, and privacy of information systems across the agency, advising executive management on data governance, and implementing robust security strategies that align with both federal and state regulations, including Family Educational Rights and Privacy Act (FERPA), National Institute of Standards and Technology (NIST) frameworks, and SC DIS requirements.
Responsibilities
- Develop and execute a comprehensive, long-term information security strategy and road map aligned with agency goals and the SC state government security strategy; design and maintain the agency’s enterprise security plan, security architecture, policies, standards, and procedures, including recommendations for enhancements and risk mitigation strategies.
- Oversee and direct the Agency’s business continuity and disaster recovery planning and cyber incident response processes, ensuring full recovery capabilities within established timeframes.
- Manage continuous monitoring of the Agency’s security infrastructure, including threat models, vulnerability assessments, compliance reviews, infrastructure scans, SIEM operations, and audit/transaction log reviews. Lead incident detection, response, containment, eradication, recovery, and post-incident activities; coordinate responses to internal and external security threats.
- Conduct regular assessments and audits of systems, including application, network, and data flow reviews, to ensure compliance with security policies, laws, best practices, and contractual obligations (third-party compliance, MOUs, and NDAs for contractors), including FERPA, NIST SP 800-53, CJIS, IRS Publication 1075, PCI DSS, and SC DIS requirements.
- Lead vendor risk management; establish security requirements for vendor and partner relationships including contracts, MOUs, and statements of work. Oversee third-party security assessments, audits, and evaluations to ensure vendors meet agency security standards.
- Serve as the agency’s primary liaison with the SC Division of Information Security (DIS), participating in regular coordination meetings and ensuring alignment with statewide cybersecurity standards, directives, and enterprise security strategy.
- Foster a security-aware culture through ongoing security awareness training, phishing assessments, and communication strategies. Work with school districts to enhance information security awareness and promote best practices in remediation and vulnerability management.
- Control access to agency systems and data through administrative, physical, and technical controls including identity and access management (IAM) and privileged access management (PAM). Proactively evaluate best-in-class and emerging technologies (including Zero Trust architecture, cloud security, and AI-enabled threat detection) that may improve security posture and support the Agency's mission.
- Work with and mentor information security staff, fostering a high-performing team to develop and implement Agency goals. Communicate security risk, program status, and effectiveness clearly to executive leadership and the agency head.
This position is located in the Office of Information Technology.
Minimum And Additional Requirements
A bachelor's degree in information technology systems, computer science, or related field and experience in the information technology field to include experience in a security-focused role. Relevant experience may be substituted for the bachelor's degree on a year-for-year basis.
Preferred Qualifications
- Bachelor’s degree in a relevant field (Information Security, Computer Science, Information Technology, etc.) or commensurate training and/or experience in information security. Master’s degree preferred. Relevant experience may be substituted for the bachelor’s degree on a year-for-year basis.
- Eight plus (8+) years of progressive experience in information technology, with a minimum of four (4) years in information security, risk management, security compliance, or IT auditing, and at least three (3) years in a security leadership or supervisory role.
- One (1) or more of the following certifications is required: CISSP, CISM, CRISC, or CCISO. Additional certifications such as CISA, GIAC, CIPM, CIPP, CEH, or GCIH are a plus.
- Expert knowledge of information security risk management principles and frameworks including NIST CSF, NIST SP 800-53, ISO 27001, and CIS Controls. In-depth understanding of state and federal regulations related to information security and data privacy, including FERPA, CJIS, IRS Publication 1075, and PCI DSS.
- Demonstrated experience in security operations, incident response, vulnerability management, identity and access management (IAM/PAM), vendor risk management, and business continuity planning. Experience with cloud security and securing hybrid IT environments.
- Strong interpersonal and communication skills with the ability to explain complex security concepts to executive-level and non-technical audiences. Ability to foster a cooperative, high-performing work environment and mentor technical staff.
- Knowledge of South Carolina state government procedures, procurement principles, and contracting practices is highly desirable. Prior experience in state or local government, education, healthcare, or another highly regulated environment preferred.
- Commitment to continually building on existing knowledge and skills to stay current on the latest cybersecurity threats, tools, and innovations. Desire to innovate and create cutting-edge solutions that make a significant impact in an empowering work environment.
Additional Comments
As a part of a competitive compensation package, we offer comprehensive benefits that include generous paid time off, preeminent health care benefits, professional development opportunities, pension, a 401(k), and a hybrid work schedule with opportunity for remote work.
The South Carolina Department of Education offers an exceptional benefits package that includes:
- Health, Dental, Vision, Long Term Disability, and Life Insurance for Employee, Spouse, and Children.
- 15 days annual (vacation) leave per year.
- 15 days sick leave per year.
- 13 paid holidays.
- State Retirement Plan and Deferred Compensation Programs (401(k) and 457 options).
ONLY THOSE APPLICANTS CHOSEN FOR AN INTERVIEW WILL BE NOTIFIED BY LETTER THAT THE POSITION HAS BEEN FILLED.
http://www.ed.sc.gov/jobs/human-resources/title-ix-nondiscrimination/